This is the White Rhino Security blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, Palo Alto, and SonicWall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.

Saturday, January 30, 2016

Friday, January 29, 2016

Not a real interesting story, but we picked up some old barn wood off the side of the road one night. We have used quite a bit of it for various things, and one of the things we used it for was to fill in a metal "C". We bought the "C" for my in-laws, as their last name starts with a C. We decided it would look way better if we filled it with this old barn wood. So we modified it.

Tuesday, January 26, 2016

I think everyone has certain things they don't like. For me, one of those things is going under a house with a tight crawl space. In fact, I absolutely hate it. But, sometimes you have to face your fears. I think that facing our fears can make us better in some way, once all is said and done.
So, on that house I'm redoing, I needed to go under and clean out some old ductwork. I have that thought that if I get stuck underneath the house, it's not going to be good. Naturally, I want to avoid crawl spaces. Below is one of the areas I had to go. This house has very little space that you are not flat on your belly. The flash on my camera blew out the floor joist.

Monday, January 25, 2016

Does "clear ip route *" clear the default route? The answer is yes, it does. I ran this command not long ago to clear out a routing table for some BGP work, and sure enough, it does clear out the static default route in a routing table. If you run this command, make sure you add in a default route again.

Sunday, January 24, 2016

Saturday, January 23, 2016

Before you email me, I know this flag below means different things to different people. Let me assure you that I'm not a racist, etc. If you know me at all, you know that is true. This just happens to be the pic of the week.

Friday, January 22, 2016

I didn't realize this until recently, but the ICX6430 does not support sFlow. I don't sell this switch anyway, since this is the very low end of access switches for Brocade, but I do come across them in the field. So just FYI, if you are setting up sFlow in your network, don't try on the ICX6430. Anything ICX6450 and above, you should be good though.

Thursday, January 21, 2016

I had another engineer come to me the other day and he asked me what other tool he could use to monitor the bandwidth of a circuit. His users had this video conference going via GoToMeeting and, although I was not on the call he was on, my guess is that someone on that call had some latency issue in the video. So while he was on the call, I told him, let's pull up Interface Traffic Monitor. I really like this free tool. It's a real-time bandwidth monitor that allows you to see just how much bandwidth is being used. So I quickly configured it for the site that was having issues, and sure enough, they were seeing 100% utilization on the T1 link.
See below the screenshot of when the user was on the video conference and when they were not on it.

Wednesday, January 20, 2016

I thought I would put this together so that you can see what kind of recoil an S&W .40 caliber M&P Shield has. It does have some recoil to it, but I do really like this pistol. Check out the link for the video of the recoil: https://youtu.be/QwS7zUFAqPI

Monday, January 18, 2016

Looks like collecting a CPInfo has changed a little. It seems to be a little nicer, in that it will upload for you the file you collect. See below the process I went through when collecting this for TAC:

CP> cpinfo -z -l -o /var/log/cp.cpinfo
Would you like to download the latest CPinfo package from Check Point Download Center? y/n: [y]y

Friday, January 15, 2016

Did you know that you can "push policy" from CLI? In this case, I have a Check Point 4800 that I want to install the policy on, but not through the GUI. I want to do this in CLI. So, I do the following:

Tuesday, January 12, 2016

I got onto this server that, when I did a ping to another server, would only return an IPv6 address. I mean, I had the server name, but to do what I needed, I just needed the IPv4 address, and not the IPv6 address. Since I didn't know what to make of it, I needed to find a way to get it to respond with the IPv4 address.
So, here is what I did. I added the "-4" option behind my ping statement. See below. The name of the server I want to ping is "jcupdate". If you look at the top, you will see where the IPv6 response came. Then I ran the "ping jcupdate -4" to get what I was looking for.

Thursday, January 7, 2016

Anyone can kill mildew and mold. We didn't have much, but I wanted to really clean out underneath that 1935 house. And to make sure, we found a mold/mildew killer recipe to make sure that all was good underneath in the crawlspace. So we mixed up the recipe and I rented a fogger and off I went. Below you can see how this works. You close up the space and let your fogger run until you are out. How much you use will depend on the size of the space. I used 2.5 gallons total. I know it's safe with nothing growing underneath that I would be concerned about.

Wednesday, January 6, 2016

I like the capabilities of sFlow. I needed to add sFlow to a LACP LAG that was set up. You have to name the primary port. Here is my LAG config before adding sFlow:
lag "LAG_1" dynamic id 1
ports ethernet 1/1/8 to 1/1/12
primary-port 1/1/8
deploy

Tuesday, January 5, 2016

My wife told me about staining new wood to look like older wood. Not long ago, she wanted me to stain that pallet table I made for my daughter. But instead of using stain, we used tea, vinegar and steel wool. Yeah, sounds odd, but it seems to have worked well. First, soak your steel wool overnight in the vinegar. Then, apply tea with a paint brush. Then apply the vinegar right after you put on the tea. You can see below a comparison of the old color and new. It will smell like vinegar temporarily, so you may want to do this outside. But, it's only temporary.

Monday, January 4, 2016

I can't believe I have not done this post yet. I had a customer call me up on an ASA I configured remotely. He went up to put it in place and told me that although he could get on the Internet, he could not ping anything beyond the firewall. No worries. We can set up a policy for that. This should do it:

Sunday, January 3, 2016

Romans 4:23-25
The words "it was credited to him" were not written for him alone (Abraham), but also for us, to whom God will credit righteousness - for us who believe in him who raised Jesus our Lord from the dead. He was delivered over to death for our sins and was raised to life for our justification.